Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e9304f96-c595-4a68-9105-50ed6fd6dd26.roa
File:                     e9304f96-c595-4a68-9105-50ed6fd6dd26.roa (raw, json)
Hash identifier:          JoGQyY78svplrPBBlil8eE4qyZS8yu0dYjJV8j3s14w=
Subject key identifier:   EB:35:2F:BD:B3:9A:C0:86:8A:3A:9C:36:8C:1E:7C:D2:93:2D:05:9D
Certificate issuer:       /CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
Certificate serial:       524713C9D83E3CFA83038113256D252F21EB6BCC
Authority key identifier: 55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e9304f96-c595-4a68-9105-50ed6fd6dd26.roa
Signing time:             Mon 14 Aug 2023 00:00:00 +0000
ROA not before:           Mon 14 Aug 2023 00:00:00 +0000
ROA not after:            Mon 18 Sep 2023 23:59:59 +0000
asID:                     400098
IP address blocks:        199.36.120.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:47:13:c9:d8:3e:3c:fa:83:03:81:13:25:6d:25:2f:21:eb:6b:cc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d
        Validity
            Not Before: Aug 14 00:00:00 2023 GMT
            Not After : Sep 18 23:59:59 2023 GMT
        Subject: serialNumber=1e17540bf7b5a3c3bb424fc24516a2457d58725162db07d78208a4e0d07b07de, CN=c0ce23ea-43fc-4be4-beee-c01478122a0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:76:e6:a0:89:c4:93:4f:ac:27:32:5d:ce:00:
                    fa:36:b0:e4:a8:77:69:dc:12:2b:ad:45:20:27:6d:
                    d8:80:57:a6:3f:57:f1:55:72:c2:08:3f:57:2b:fc:
                    8c:d4:59:e2:89:3c:f4:43:42:f6:32:13:7b:06:c3:
                    e2:fd:26:28:51:70:2e:25:b7:12:7e:60:97:2a:39:
                    24:cc:53:1e:d1:ae:e0:93:c3:18:58:39:84:78:1c:
                    10:4e:9b:d7:7e:47:d7:e2:c2:11:6d:b9:87:14:03:
                    ba:e8:9d:8a:0c:a9:61:dd:e7:7e:f5:19:1c:96:26:
                    33:e8:4e:6d:62:ed:a5:03:5f:09:40:e1:9a:2d:ee:
                    34:b0:db:c3:4e:c2:9b:f7:a3:15:36:6e:b0:21:b1:
                    0a:d2:35:00:47:96:e4:55:16:3d:70:92:55:be:24:
                    96:3e:b4:e5:c1:55:c0:e6:08:9c:1a:a0:fc:63:98:
                    e5:d6:50:8b:a2:0a:fe:9d:55:af:cf:7a:c2:68:36:
                    8e:eb:30:d8:fa:68:fb:1a:34:51:14:8f:16:47:82:
                    99:84:94:ca:f5:9f:44:b2:5b:2e:b5:6d:df:be:09:
                    7a:44:f6:1f:ff:a1:f0:1a:94:2d:1e:ab:71:94:74:
                    3e:30:2c:64:fc:45:d2:f5:9a:35:4b:94:ad:92:6f:
                    6c:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:35:2F:BD:B3:9A:C0:86:8A:3A:9C:36:8C:1E:7C:D2:93:2D:05:9D
            X509v3 Authority Key Identifier:
                keyid:55:A8:DD:45:D9:44:13:F9:D1:92:F5:2C:63:CE:8C:FB:C6:14:96:B8

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/0357272c-a79a-45bf-9586-92dd49ef3223/1433ebff-dfd6-4c5c-b7ff-99c85139d4a8/278aab878f2662ce14e905e18ebcb7522f92b3684bc4865b4d.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/e9304f96-c595-4a68-9105-50ed6fd6dd26.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/16f1ffee-7461-4674-bb05-fddefa9a02c6/JmLOFOkF4Y68t1IvkrNoS8SGW00.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  199.36.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:44:83:13:6b:19:4b:6c:7d:a5:ea:09:86:5e:fc:88:6a:22:
         a9:ea:1b:e9:d8:02:c1:20:3d:67:d7:58:b5:d8:7b:ca:8d:8e:
         b5:33:0e:b0:3d:b5:df:02:7c:6b:80:34:fc:8e:02:52:52:25:
         d1:ba:ed:4a:88:fe:4b:c7:2e:84:cc:8e:c4:8c:fc:4b:cf:df:
         fc:4c:3d:f3:d1:0a:2b:52:a3:58:14:fa:15:17:a6:72:18:b0:
         cf:ca:d6:63:1f:5e:59:a0:91:ba:8e:7e:16:07:01:e7:91:a7:
         cc:8c:2b:09:cc:d6:4c:b9:93:57:d9:a7:9a:d5:f3:f9:7e:fa:
         00:71:38:99:76:d9:b2:22:f0:dd:13:aa:24:ef:2a:59:ce:94:
         4c:2d:87:25:25:d0:bb:64:e1:7c:eb:9c:53:84:39:04:2d:d3:
         10:16:97:60:9f:77:c6:d5:d8:9f:98:61:ec:c1:c2:99:6d:d5:
         56:83:78:26:9c:40:63:a8:c3:24:6b:fe:7f:0b:c8:09:c0:e4:
         79:8c:3a:64:e3:19:c9:41:6e:73:57:c4:70:2d:97:9d:92:fd:
         18:71:b4:e4:c8:80:7f:61:ae:06:c0:da:fb:83:ba:aa:a7:47:
         c6:9c:f7:cc:2e:4e:55:ae:dc:f3:9e:9e:78:1d:24:05:91:84:
         08:00:ba:10
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUUkcTydg+PPqDA4ETJW0lLyHra8wwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyMjc4YWFiODc4ZjI2NjJjZTE0ZTkwNWUxOGViY2I3NTIy
ZjkyYjM2ODRiYzQ4NjViNGQwHhcNMjMwODE0MDAwMDAwWhcNMjMwOTE4MjM1OTU5
WjB6MUkwRwYDVQQFE0AxZTE3NTQwYmY3YjVhM2MzYmI0MjRmYzI0NTE2YTI0NTdk
NTg3MjUxNjJkYjA3ZDc4MjA4YTRlMGQwN2IwN2RlMS0wKwYDVQQDEyRjMGNlMjNl
YS00M2ZjLTRiZTQtYmVlZS1jMDE0NzgxMjJhMGUwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQC5duagicSTT6wnMl3OAPo2sOSod2ncEiutRSAnbdiAV6Y/
V/FVcsIIP1cr/IzUWeKJPPRDQvYyE3sGw+L9JihRcC4ltxJ+YJcqOSTMUx7RruCT
wxhYOYR4HBBOm9d+R9fiwhFtuYcUA7ronYoMqWHd5371GRyWJjPoTm1i7aUDXwlA
4Zot7jSw28NOwpv3oxU2brAhsQrSNQBHluRVFj1wklW+JJY+tOXBVcDmCJwaoPxj
mOXWUIuiCv6dVa/PesJoNo7rMNj6aPsaNFEUjxZHgpmElMr1n0SyWy61bd++CXpE
9h//ofAalC0eq3GUdD4wLGT8RdL1mjVLlK2Sb2x5AgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQU6zUvvbOawIaKOpw2jB580pMtBZ0wHwYDVR0jBBgwFoAUVajdRdlEE/nR
kvUsY86M+8YUlrgwDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzAzNTcyNzJjLWE3OWEtNDViZi05NTg2LTkyZGQ0OWVmMzIyMy8xNDMzZWJmZi1k
ZmQ2LTRjNWMtYjdmZi05OWM4NTEzOWQ0YTgvMjc4YWFiODc4ZjI2NjJjZTE0ZTkw
NWUxOGViY2I3NTIyZjkyYjM2ODRiYzQ4NjViNGQuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMTZmMWZmZWUtNzQ2MS00Njc0LWJiMDUtZmRk
ZWZhOWEwMmM2L2U5MzA0Zjk2LWM1OTUtNGE2OC05MTA1LTUwZWQ2ZmQ2ZGQyNi5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzE2ZjFmZmVlLTc0NjEtNDY3NC1iYjA1
LWZkZGVmYTlhMDJjNi9KbUxPRk9rRjRZNjh0MUl2a3JOb1M4U0dXMDAuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBADHJHgwDQYJKoZIhvcNAQELBQADggEBAFlEgxNrGUtsfaXqCYZe/IhqIqnq
G+nYAsEgPWfXWLXYe8qNjrUzDrA9td8CfGuANPyOAlJSJdG67UqI/kvHLoTMjsSM
/EvP3/xMPfPRCitSo1gU+hUXpnIYsM/K1mMfXlmgkbqOfhYHAeeRp8yMKwnM1ky5
k1fZp5rV8/l++gBxOJl22bIi8N0TqiTvKlnOlEwthyUl0Ltk4XzrnFOEOQQt0xAW
l2Cfd8bV2J+YYezBwplt1VaDeCacQGOowyRr/n8LyAnA5HmMOmTjGclBbnNXxHAt
l52S/RhxtOTIgH9hrgbA2vuDuqqnR8ac98wuTlWu3POenngdJAWRhAgAuhA=
-----END CERTIFICATE-----